Lucene search
K

483 matches found

The Hacker News
The Hacker News
added 2011/06/18 7:17 a.m.7 views

SAMHAIN v2.8.5 - intrusion detection system

SAMHAIN v2.8.5 - intrusion detection system The samhain open source host-based intrusion detection system HIDS provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2011/06/06 6:17 p.m.8 views

Attackers Using Amazon Cloud to Host Malware

Attackers are beginning to host their malicious domains and drive-by download sites, and most recently researchers have discovered a number of domains on Amazon’s cloud platform that are being used to install malware as part of a spam and phishing campaign designed to steal banking credentials an...

0.6AI score
Exploits0References2
ThreatPost
ThreatPost
added 2011/06/03 5:34 p.m.12 views

TDSS Rootkit Gets Its Own Self-Replicating Loader

The group behind the TDSS rootkit has developed a new method for getting the pernicious malware onto as many machines as possible: a worm-like, self-propagating loader. The new mechanism has the ability not only to install new copies of the rootkit on PCs, but also set up its own DHCP server on a...

1.6AI score
Exploits0References3
ThreatPost
ThreatPost
added 2011/05/24 6:17 p.m.18 views

ZeroAccess Rootkit Latest in Line of x64 Malware to Appear

Never ones to be left behind as progress marches on, attackers are beginning to develop more and more tools aimed specifically at exploiting 64-bit machines. The latest entry into the field is an x64 version of the ZeroAccess rootkit, a nasty piece of malware that’s been circulating for some time...

1.6AI score
Exploits0References4
ThreatPost
ThreatPost
added 2011/05/20 1:36 p.m.8 views

New 64-Bit Rootkit Being Used to Steal Banking Credentials

Security researchers have come across a new rootkit that is designed specifically to infect 64-bit Windows systems and steal users’ online banking credentials. It’s believed to be the first piece of malware of its kind that is capable of compromising x64 systems. The new rootkit is being used by...

1.2AI score
Exploits0References2
The Hacker News
The Hacker News
added 2011/05/20 4:19 a.m.7 views

RKAnalyzer - kernel level rootkit analyzer !

RKAnalyzer - kernel level rootkit analyzer ! RKAnalyzer is a kernel level rootkit analyzer and defender using Hardware Virtualization Techniques, based on the BitVisor ProjectA VMM developed by Tsukuba University and open-sourced under BSD License. It tries to monitor kernel level rootkits'...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2011/05/16 2:39 p.m.21 views

New Version of Alureon Ups the Ante on Encryption

A new version of the venerable Alureon malware has appeared, and this one includes some odd behavior designed to prevent analysis and detection by antimalware systems. However, this isn’t the typical evasion algorithm, as it uses some unusual encryption and decryption routines to make life much...

0.1AI score
Exploits0References3
ThreatPost
ThreatPost
added 2011/05/10 3:54 p.m.11 views

November, 2005: Sony/BMG Digital Rights Management Rootkit

Sony helped create the home entertainment industry by successfully defending the right of its customers to copy movies for personal use with the help of its Betamax technology, of course all the way to the U.S. Supreme Court. That made the debacle of the company’s decision, two decades later, to...

0.1AI score
Exploits0References1
ThreatPost
ThreatPost
added 2011/04/12 7:0 p.m.119 views

Microsoft Pushes Out Two New Security Tools

In parallel with its release of 17 bulletins on Patch Tuesday this month, Microsoft also unveiled two new tools that are meant to help make a couple of common exploitation scenarios more difficult for attackers. The company released a tool called Office File Validation for some older versions of...

9.3CVSS0.8AI score0.99945EPSS
Exploits33References2
The Hacker News
The Hacker News
added 2011/04/06 5:25 a.m.6 views

New Chinese MBR Rootkit Identified

A new rootkit that uses the master boot record MBR to hide itself has been discovered in China and is being used to install an online game password stealer. The bootkit is installed on the computer by a trojan downloader distributed from a Chinese adult site and is detected by Kaspersky as...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2011/02/11 7:4 a.m.10 views

Reversing Stuxnet's Rootkit Into C++ , Download !

This is the first time Mr. Amr Thabet from Egypt , student at Alexandria University Faculty of Engineering Mechanical Department , reverse a rootkit. He choose Stuxnet Rootkit as it's a famous virus and begin reversing.. Finally now he convert it into C++ code with a commented IDA Pro v.5.1...

7.1AI score
Exploits0
rdot
rdot
added 2011/02/04 12:0 a.m.141 views

LKM rootkit в современных Linux

В этой статье мы научимся собирать LKM-rootkit под современные ядра Linux, не смотря на то, что многие пишут, что это неактуально. Попробую опровергнуть это. В данной статье использованны вещи, доступные в паблике и некоторые мои наработки. Руткиты подразделяют на ядерные уровня ядра и неядерные...

0.1AI score
Exploits0
0day.today
0day.today
added 2011/01/22 12:0 a.m.41 views

Panda Global Protection 2010 local Dos (unfiltered wcscpy())

Exploit for windows platform in category dos / poc include include include include define SystemModuleInfo 11 / Program : Panda Global Protection 2010 3.01.00 Homepage : http://www.pandasecurity.com Discovery : 2010/04/09 Author Contacted : 2010/07/15 Status of vuln : Patched ! Found by : Heurs...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2011/01/20 4:28 p.m.8 views

Mobile Attacks Reign at Black Hat DC

ARLINGTON, VA–A number of researchers showed off interesting new attack techniques at the Black Hat DC conference this week, including one that enables an attacker to execute malicious code on handsets over the air. Perhaps the most interesting technique discussed at the show was a novel attack...

1.5AI score
Exploits0
ThreatPost
ThreatPost
added 2010/12/17 4:55 p.m.13 views

Rootkit Being Used in Attacks on Exim Bug

Attackers have begun using the bug in the Exim mailer that was disclosed earlier this week to install a rootkit on machines running vulnerable versions of the software. The vulnerability in Exim, which is a mail transfer agent used on Unix-based machines, came to light on Monday and can result in...

0.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2010/12/07 7:0 p.m.15 views

TDL4 Rootkit Now Using Stuxnet Bug

The TDL4 rootkit, which reared its head last month as the latest evolution of the venerable TDSS malware family, is now using one of the Windows bugs that was first seen in use by Stuxnet. The latest modification to TDL4 enables the rootkit to use the unpatched Windows Task Scheduler vulnerabilit...

2.7AI score
Exploits0References3
0day.today
0day.today
added 2010/12/03 12:0 a.m.21 views

ProFTPD 1.3.3c compromised source remote root Trojan

Exploit for php platform in category remote exploits ==================================================== ProFTPD 1.3.3c compromised source remote root Trojan ==================================================== == ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/12/03 12:0 a.m.62 views

ProFTPD 1.3.3c Trojan Source Code

== ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/12/02 12:0 a.m.57 views

ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution

== ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/12/02 12:0 a.m.14 views

ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution

ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution == ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemo...

0.1AI score
Exploits0
Rows per page
Query Builder